OT Perimeter Assessment Step 1: Network Design

Author: SECURA

Traditional notions of Operational Technology (OT) networks as isolated no longer reflect reality. In today's landscape, OT networks intertwine with IT networks, exposing them to all kinds of threats. Most cyber attacks begin in the IT or external networks. Attackers then exploit vulnerable connections and infiltrate the OT side. Addressing these threats and securing the perimeter is often the most important step when it comes to OT security.

Operational Technology environments are complex and difficult to secure. Assessing your whole network at once or chasing full compliance with IEC 62443 can seem like an unachievable goal. Where do you start? A good starting point is the OT Perimeter Assessment. It focuses on securing all connections between the OT systems and all external networks. The assessment itself consists of three important steps: reviewing the network design, firewall configuration analysis, and traffic and system scans.

This article covers the first step: the network design. How exactly do we pinpoint threats using your network design? And what’s in it for you?

Constructing a Network Illustration

The first thing we do when conducting an OT Perimeter Assessment is define the project's scope, always in consultation with you, the client. What exactly is your OT network and how is it interconnected? We analyze the network by studying documents like network drawings, asset registers and firewall configurations, even though this information might be incomplete or outdated.

Using these documents, we then create an initial data flow diagram (DFD) that maps the essential systems in the connections between the IT and OT networks. A DFD is a high-level representation of the network that we can use to map out all interconnectivity between different trust zones, like IT, OT or external zones like vendors or cloud applications. This diagram also illustrates the separation between various zones and systems in the IT and OT networks, following the structure of the Purdue model.
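To make the DFD step concrete, here is an added example (not Secura's tooling) that collapses host-level flows into zone-to-zone edges and reports hosts that the asset register does not list. All host names, zones, flows and the 3.5 level used for the DMZ are constructed assumptions.

```python
from collections import defaultdict

# Constructed asset register: host -> (trust zone, Purdue level or None).
ASSETS = {
    "erp01": ("IT", 4),
    "hist-dmz": ("DMZ", 3.5),
    "scada01": ("OT", 2),
    "plc-07": ("OT", 1),
    "vendor-vpn": ("External", None),
}

# Constructed flows (source, destination, service), as read from firewall rules.
FLOWS = [
    ("erp01", "hist-dmz", "https"),
    ("hist-dmz", "scada01", "opc-ua"),
    ("scada01", "plc-07", "modbus"),      # stays inside OT, not a perimeter flow
    ("vendor-vpn", "scada01", "rdp"),
    ("erp01", "eng-ws3", "smb"),          # eng-ws3 is missing from the register
]

def zone_of(assets, host):
    """Trust zone of a host; hosts absent from the register land in 'Unknown'."""
    return assets.get(host, ("Unknown", None))[0]

def build_dfd(assets, flows):
    """Collapse host-level flows into zone-to-zone DFD edges."""
    edges = defaultdict(set)
    unregistered = set()
    for src, dst, service in flows:
        unregistered.update(h for h in (src, dst) if h not in assets)
        pair = (zone_of(assets, src), zone_of(assets, dst))
        if pair[0] != pair[1]:            # keep only connections that cross zones
            edges[pair].add(service)
    return dict(edges), unregistered

def purdue_span(assets, zone):
    """Lowest and highest Purdue level documented for a zone, or None."""
    levels = [lvl for z, lvl in assets.values() if z == zone and lvl is not None]
    return (min(levels), max(levels)) if levels else None

if __name__ == "__main__":
    edges, unregistered = build_dfd(ASSETS, FLOWS)
    for (a, b), services in sorted(edges.items()):
        print(f"{a} -> {b}: {', '.join(sorted(services))}")
    print("not in asset register:", sorted(unregistered))
```

The "Unknown" zone is where incomplete or outdated documentation shows up: every edge into it is a connection whose endpoint still has to be identified with the client.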

This is the first article of a series of 3. The last 2 articles will follow soon!


Source: Secura

Photo: Istock.com/TU IS